Firewall Wizards mailing list archives
Re: recent telnet vulnerability
From: Balazs Scheidler <bazsi () balabit hu>
Date: Sat, 11 Aug 2001 13:30:18 +0200
nuqneH, Back to my original question, do we know any firewall that _does_protect_ (not _is_immune!_) this vulnerability?
Although my test environment is was not complete, as it seems the Telnet proxy in the soon-to-be-released Zorp 1.0 stops the attack. Here's what I did: - downloaded exploit code from securityfocus.com (zp-exp-telnetd.c) - it didn't work on my telnetd, however caused a SIGSEGV (I should have changed offsets) - fired up Zorp with telnet proxy listening on port 2323 and forwarding requests to localhost:23, changed the exploit to connect to the proxy port - launched the attack, the SIGSEGV didn't occur, Zorp logs show that some negotiations were rejected by the proxy (it allows only the required negotiations for telnet to work by default, but this can be changed by the administrator) Zorp 1.0 is not yet released, a development version (0.9.1) can however be downloaded, but it doesn't contain this proxy module. It's not yet decided whether the telnet proxy will be GPLd, or will only be available in the commercial version. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: recent telnet vulnerability Chris Keladis (Aug 02)
- Re: recent telnet vulnerability m p (Aug 02)
- Re: recent telnet vulnerability Jonas Eriksson (Aug 04)
- <Possible follow-ups>
- Re: recent telnet vulnerability ark (Aug 04)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability ark (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability Balazs Scheidler (Aug 11)
- Re: recent telnet vulnerability m p (Aug 02)